70
Section 3: Configuring the Access Point
LAPAC1750PRO Access Point Software User Manual
Action
Specifies whether the ACL rule permits or denies an
action
•
When you select Permit, the rule allows all traffic
that meets the rule criteria to enter or exit the
AP (depending on the ACL direction you select)
Traffic that does not meet the criteria is dropped
•
When you select Deny, the rule blocks all traffic
that meets the rule criteria from entering or
exiting the AP (depending on the ACL direction
you select) Traffic that does not meet the criteria
is forwarded unless this rule is the final rule
Because there is an implicit deny all rule at the
end of every ACL, traffic that is not explicitly
permitted is dropped
Match Every
Indicates that the rule, which either has a permit or
deny action, will match the frame or packet regardless
of its contents
If you select this field, you cannot configure any
additional match criteria The Match Every option is
selected by default for a new rule You must clear the
option to configure other match fields
IPv4 ACL
Protocol
Select the Protocol field to use a Layer 3 or Layer 4
protocol match condition based on the value of the
IP Protocol field in IPv4 packets or the Next Header
field of IPv6 packets
Once you select the field, choose the protocol to
match by keyword or enter a protocol ID
Select From List
Select one of the following protocols from the list:
•
IP
•
ICMP
•
IGMP
•
TCP
•
UDP
Match to Value
To match a protocol that is not listed by name, enter
the protocol ID
The protocol ID is a standard value assigned by the
IANA The range is a number from 0–255
Source IP Address
Select this field to require a packet’s source IP address
to match the address listed here Enter an IP address
in the appropriate field to apply this criterion
Wild Card Mask
Specifies the source/destination IP address wildcard
mask
The wild card mask determines which bits are used
and which bits are ignored A wild card mask of
255 255 255 255 indicates that no bit is important
A wildcard of 0 0 0 0 indicates that all of the bits
are important This field is required when Source IP
Address is checked
A wild card mask is in essence the inverse of a subnet
mask For example, to match the criteria to a single
host address, use a wildcard mask of 0 0 0 0 To
match the criteria to a 24-bit subnet (for example,
192 168 10 0/24), use a wild card mask of 0 0 0 255
Содержание LAPAC1750PRO
Страница 1: ...LAPAC1750PRO User Guide ...